Policy Manager
The Policy Manager APIs provide a powerful way to implement attribute-based access control and dynamic authorization for your organization’s services and data. These APIs allow you to define and enforce policies that determine whether a given resource request should be permitted or denied, enabling fine-grained, context-aware access control.
Use the following components in policies and rules to capture authorization logic:
-
Conditions: Define authorization logic by comparing one thing to another.
-
Targets: Use comparisons to help the decision service determine which policies or rules are relevant to a particular request.
-
Statements: Instruct the decision service to perform additional processing in conjunction with an authorization decision. In addition to allowing or blocking access to a resource, using statements, the decision service can attach information to decision responses and filter and transform API payloads.
-
Combining algorithms: To evaluate the overall decision of a policy, the decision service applies a combining algorithm. The algorithm determines how rules are combined to produce an authorization decision.